SQL injection lab PT.3 – Extracting/Obtaining PHP Cookie

Welcome Gurkhas, in Part 3 . . .

Section 9: Obtain PHP Cookie

1. SQL Injection Menu
o Instructions:
1. Select “SQL Injection” from the left navigation

2. Select Tamper Data

o Instructions:
1. Tools –> Tamper Data

3. Start Tamper Data

o Instructions:
1. Click on Start Tamper

4. Basic Injection

o Instructions:
1. Input “1” into the text box.
2. Click Submit.
o Notes(FYI):
- The goal here is to see the GET request being made to the CGI program behind the scenes.
- Also, we will use the “Surname” output with SQLMAP to obtain the database username and password.

5. Tamper with request?

o Instructions:
1. Make sure the Continue Tampering? textbox is
2. Then Click Submit


6. Copying the Referer URL

o Instructions:
1. Select the second GET Request
2. Right Click on the Referer Link
3. Select Copy

7. Open Notepad

o Instructions:
1. Applications –> Wine –> Programs –> Accessories –> Notepad

8. Paste Referer URL into Notepad

o Instructions:
1. Edit –> Paste


9. Copying the Cookie Information

o Instructions:
1. Right Click on the Cookie line
2. Select Copy

10. Pasting the Cookie Information

o Instructions:
1. Edit –> Paste
o Notes(FYI):
- Now you should have copied both the Referer and Cookie lines into Notepad. (See Picture)
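To make the structure of those two saved lines concrete, here is an added example (not part of the original lab) that splits a Referer line into host, path and GET parameters and a Cookie line into name/value pairs, masking long cookie values so the notes do not hold a usable session ID. The host, path, parameter names, cookie values and the "Name=value" line format are constructed assumptions; PHPSESSID is PHP's default session cookie name.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample of the two lines pasted into Notepad (not from the page).
# Assumed format: "Name=value"; "Name: value" is accepted as well.
CAPTURED = [
    "Referer=http://lab.example/sqli/?id=1&Submit=Submit",
    "Cookie=lang=en; PHPSESSID=0123456789abcdef0123456789abcdef",
]

def split_header(line):
    """Split a header line at the first '=' or ':' into (name, value)."""
    positions = [p for p in (line.find("="), line.find(":")) if p != -1]
    if not positions:
        raise ValueError(f"not a header line: {line!r}")
    cut = min(positions)
    return line[:cut].strip().lower(), line[cut + 1:].strip()

def parse_cookies(value):
    """Turn a Cookie header value ('a=1; b=2') into a dict."""
    cookies = {}
    for pair in value.split(";"):
        name, sep, val = pair.strip().partition("=")
        if sep:
            cookies[name] = val
    return cookies

def mask(value, keep=4, min_len=16):
    """Mask long opaque values (assumed to be session tokens), keeping a short prefix."""
    if len(value) < min_len:
        return value
    return value[:keep] + "*" * (len(value) - keep)

def summarize(lines):
    """Break the captured Referer and Cookie lines into their components."""
    headers = dict(split_header(l) for l in lines if l.strip())
    url = urlsplit(headers.get("referer", ""))
    cookies = parse_cookies(headers.get("cookie", ""))
    return {
        "host": url.netloc,
        "path": url.path,
        "params": dict(parse_qsl(url.query, keep_blank_values=True)),
        "cookies": {name: mask(val) for name, val in cookies.items()},
    }

if __name__ == "__main__":
    for key, val in summarize(CAPTURED).items():
        print(f"{key}: {val}")
```

The `params` entry shows the text box input travelling as a query-string parameter of the GET request, and the `cookies` entry shows that the session identifier is sent with every request to the application.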

Ok Gurkhas, we’ll continue this in the next part.
